

<!DOCTYPE html>
<html lang="en">

<head>
  <meta charset="UTF-8">
  <meta name="viewport" content="width=device-width, initial-scale=1.0">
  <title>Document</title>
    <style>
    /* base */
    html,
    body,
    .container {
      width: 100%;
      height: 100%;
    }

    a,
    a:link,
    a:visited {
      text-decoration: none;
      color: inherit;
    }

    ul {
      list-style: none;
    }

    *,
    ::before,
    ::after {
      box-sizing: border-box;
      margin: 0;
      padding: 0;
    }

    *:focus {
      outline: 0;
    }

    .container {
      display: flex;
      padding-top: 20px;
    }

    /* Nav */
    .container .doc-nav {
      position: fixed;
      height: 100%;
      margin: 0 30px 0 40px;
      width: 280px;
    }

    .doc-nav .nav-header {
      display: flex;
      align-items: center;
      box-sizing: border-box;
      background-color: rgb(240, 241, 242);
      height: 40px;
      padding: 16px;
      font-size: 18px;
      font-weight: 500;
      color: rgb(62, 64, 66);
      cursor: pointer;
    }

    .doc-nav .nav-content {
      height: calc(100% - 40px);
      overflow-y: auto;
      color: rgb(32, 34, 36);
    }

    .doc-nav .nav-content .nav-list,
    .doc-nav .nav-content .nav-sub-list {
      line-height: 1.5rem;
    }

    .doc-nav .nav-content .nav-label {
      display: inline-block;
      position: relative;
      padding: 2px 0 2px 20px;
      margin-bottom: 4px;
    }

    .doc-nav .nav-content .nav-sub-label {
      position: relative;
      padding: 2px 0 2px 40px;
      font-size: 14px;
    }

    .doc-nav .nav-content .nav-sub-label:hover {
      text-decoration: underline;
    }

    .doc-nav .nav-content .nav-list .nav-label.group::before {
      border-bottom: 0.25rem solid transparent;
      border-left: 0.25rem solid #6e7072;
      border-right: 0;
      border-top: 0.25rem solid transparent;
      content: '';
      display: block;
      height: 0;
      left: 0.5rem;
      position: absolute;
      top: 0.625rem;
      transition: transform 0.1s linear;
      width: 0;
    }

    .doc-nav .nav-content .nav-list .nav-label.group.active::before {
      transform: rotate(90deg);
    }

    /* doc content */
    .container .doc-content {
      position: fixed;
      height: 100%;
      width: calc(100% - 80px - 40px - 30px - 240px);
      right: 0%;
      overflow-y: auto;
    }

    .doc-title {
      border-bottom: 1px solid #dcdee0;
      font-size: 22px;
      margin: 8px 0 0;
      padding-bottom: 16px;
    }

    .doc-content h3 {
      font-size: 24px;
      font-weight: 600;
      margin: 24px 0;
    }

    .doc-content h4 {
      font-size: 22px;
      font-weight: 500;
      margin: 30px 0 8px;
    }

    .doc-content h4 span {
      color: #007d9c;
    }

    .doc-content .doc-declare {
      background-color: #fafafa;
      border-radius: 5px;
      border: 1px solid #ccc;
      font-size: 14px;
      overflow-x: auto;
      padding: 10px;
      tab-size: 4;
      line-height: 20px;
    }

    .doc-content .doc-comment {
      font-size: 16px;
      margin: 16px 0;
      line-height: 24px;
      word-break: break-word;
    }
  </style>

</head>
<body>
  <div class="container">
    <div class="doc-nav">
      <a href="#Documentation" class="nav-header">Documentation</a>
      <nav class="nav-content">
        <ul class="nav-list">
          <li>
            <a href="#includes" class="nav-label">Includes</a>
             
            <ul class="nav-sub-list">

              <li>
                <a href="#config.h" class="nav-sub-label">config.h</a>
              </li>
      

              <li>
                <a href="#MBEDTLS_CONFIG_FILE" class="nav-sub-label">MBEDTLS_CONFIG_FILE</a>
              </li>
      

              <li>
                <a href="#bignum.h" class="nav-sub-label">bignum.h</a>
              </li>
      

              <li>
                <a href="#md.h" class="nav-sub-label">md.h</a>
              </li>
      

              <li>
                <a href="#threading.h" class="nav-sub-label">threading.h</a>
              </li>
      

              <li>
                <a href="#rsa_alt.h" class="nav-sub-label">rsa_alt.h</a>
              </li>
      
            </ul>
            
          </li>
          <li>
            <a href="#macros" class="nav-label">Macros</a>
             
            <ul class="nav-sub-list">

              <li>
                <a href="#MBEDTLS_RSA_H" class="nav-sub-label">MBEDTLS_RSA_H</a>
              </li>
      

              <li>
                <a href="#MBEDTLS_ERR_RSA_BAD_INPUT_DATA" class="nav-sub-label">MBEDTLS_ERR_RSA_BAD_INPUT_DATA</a>
              </li>
      

              <li>
                <a href="#MBEDTLS_ERR_RSA_INVALID_PADDING" class="nav-sub-label">MBEDTLS_ERR_RSA_INVALID_PADDING</a>
              </li>
      

              <li>
                <a href="#MBEDTLS_ERR_RSA_KEY_GEN_FAILED" class="nav-sub-label">MBEDTLS_ERR_RSA_KEY_GEN_FAILED</a>
              </li>
      

              <li>
                <a href="#MBEDTLS_ERR_RSA_KEY_CHECK_FAILED" class="nav-sub-label">MBEDTLS_ERR_RSA_KEY_CHECK_FAILED</a>
              </li>
      

              <li>
                <a href="#MBEDTLS_ERR_RSA_PUBLIC_FAILED" class="nav-sub-label">MBEDTLS_ERR_RSA_PUBLIC_FAILED</a>
              </li>
      

              <li>
                <a href="#MBEDTLS_ERR_RSA_PRIVATE_FAILED" class="nav-sub-label">MBEDTLS_ERR_RSA_PRIVATE_FAILED</a>
              </li>
      

              <li>
                <a href="#MBEDTLS_ERR_RSA_VERIFY_FAILED" class="nav-sub-label">MBEDTLS_ERR_RSA_VERIFY_FAILED</a>
              </li>
      

              <li>
                <a href="#MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE" class="nav-sub-label">MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE</a>
              </li>
      

              <li>
                <a href="#MBEDTLS_ERR_RSA_RNG_FAILED" class="nav-sub-label">MBEDTLS_ERR_RSA_RNG_FAILED</a>
              </li>
      

              <li>
                <a href="#MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION" class="nav-sub-label">MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION</a>
              </li>
      

              <li>
                <a href="#MBEDTLS_ERR_RSA_HW_ACCEL_FAILED" class="nav-sub-label">MBEDTLS_ERR_RSA_HW_ACCEL_FAILED</a>
              </li>
      

              <li>
                <a href="#MBEDTLS_RSA_PUBLIC" class="nav-sub-label">MBEDTLS_RSA_PUBLIC</a>
              </li>
      

              <li>
                <a href="#MBEDTLS_RSA_PRIVATE" class="nav-sub-label">MBEDTLS_RSA_PRIVATE</a>
              </li>
      

              <li>
                <a href="#MBEDTLS_RSA_PKCS_V15" class="nav-sub-label">MBEDTLS_RSA_PKCS_V15</a>
              </li>
      

              <li>
                <a href="#MBEDTLS_RSA_PKCS_V21" class="nav-sub-label">MBEDTLS_RSA_PKCS_V21</a>
              </li>
      

              <li>
                <a href="#MBEDTLS_RSA_SIGN" class="nav-sub-label">MBEDTLS_RSA_SIGN</a>
              </li>
      

              <li>
                <a href="#MBEDTLS_RSA_CRYPT" class="nav-sub-label">MBEDTLS_RSA_CRYPT</a>
              </li>
      

              <li>
                <a href="#MBEDTLS_RSA_SALT_LEN_ANY" class="nav-sub-label">MBEDTLS_RSA_SALT_LEN_ANY</a>
              </li>
      
            </ul>
            
          </li>
          <li>
            <a href="#functions" class="nav-label">Functions</a>
             
            <ul class="nav-sub-list">

              <li>
                <a href="#mbedtls_rsa_init" class="nav-sub-label">mbedtls_rsa_init</a>
              </li>
      

              <li>
                <a href="#mbedtls_rsa_import" class="nav-sub-label">mbedtls_rsa_import</a>
              </li>
      

              <li>
                <a href="#mbedtls_rsa_import_raw" class="nav-sub-label">mbedtls_rsa_import_raw</a>
              </li>
      

              <li>
                <a href="#mbedtls_rsa_complete" class="nav-sub-label">mbedtls_rsa_complete</a>
              </li>
      

              <li>
                <a href="#mbedtls_rsa_export" class="nav-sub-label">mbedtls_rsa_export</a>
              </li>
      

              <li>
                <a href="#mbedtls_rsa_export_raw" class="nav-sub-label">mbedtls_rsa_export_raw</a>
              </li>
      

              <li>
                <a href="#mbedtls_rsa_export_crt" class="nav-sub-label">mbedtls_rsa_export_crt</a>
              </li>
      

              <li>
                <a href="#mbedtls_rsa_set_padding" class="nav-sub-label">mbedtls_rsa_set_padding</a>
              </li>
      

              <li>
                <a href="#mbedtls_rsa_get_len" class="nav-sub-label">mbedtls_rsa_get_len</a>
              </li>
      

              <li>
                <a href="#mbedtls_rsa_gen_key" class="nav-sub-label">mbedtls_rsa_gen_key</a>
              </li>
      

              <li>
                <a href="#mbedtls_rsa_check_pubkey" class="nav-sub-label">mbedtls_rsa_check_pubkey</a>
              </li>
      

              <li>
                <a href="#mbedtls_rsa_check_privkey" class="nav-sub-label">mbedtls_rsa_check_privkey</a>
              </li>
      

              <li>
                <a href="#mbedtls_rsa_check_pub_priv" class="nav-sub-label">mbedtls_rsa_check_pub_priv</a>
              </li>
      

              <li>
                <a href="#mbedtls_rsa_public" class="nav-sub-label">mbedtls_rsa_public</a>
              </li>
      

              <li>
                <a href="#mbedtls_rsa_private" class="nav-sub-label">mbedtls_rsa_private</a>
              </li>
      

              <li>
                <a href="#mbedtls_rsa_pkcs1_encrypt" class="nav-sub-label">mbedtls_rsa_pkcs1_encrypt</a>
              </li>
      

              <li>
                <a href="#mbedtls_rsa_rsaes_pkcs1_v15_encrypt" class="nav-sub-label">mbedtls_rsa_rsaes_pkcs1_v15_encrypt</a>
              </li>
      

              <li>
                <a href="#mbedtls_rsa_rsaes_oaep_encrypt" class="nav-sub-label">mbedtls_rsa_rsaes_oaep_encrypt</a>
              </li>
      

              <li>
                <a href="#mbedtls_rsa_pkcs1_decrypt" class="nav-sub-label">mbedtls_rsa_pkcs1_decrypt</a>
              </li>
      

              <li>
                <a href="#mbedtls_rsa_rsaes_pkcs1_v15_decrypt" class="nav-sub-label">mbedtls_rsa_rsaes_pkcs1_v15_decrypt</a>
              </li>
      

              <li>
                <a href="#mbedtls_rsa_rsaes_oaep_decrypt" class="nav-sub-label">mbedtls_rsa_rsaes_oaep_decrypt</a>
              </li>
      

              <li>
                <a href="#mbedtls_rsa_pkcs1_sign" class="nav-sub-label">mbedtls_rsa_pkcs1_sign</a>
              </li>
      

              <li>
                <a href="#mbedtls_rsa_rsassa_pkcs1_v15_sign" class="nav-sub-label">mbedtls_rsa_rsassa_pkcs1_v15_sign</a>
              </li>
      

              <li>
                <a href="#mbedtls_rsa_rsassa_pss_sign" class="nav-sub-label">mbedtls_rsa_rsassa_pss_sign</a>
              </li>
      

              <li>
                <a href="#mbedtls_rsa_pkcs1_verify" class="nav-sub-label">mbedtls_rsa_pkcs1_verify</a>
              </li>
      

              <li>
                <a href="#mbedtls_rsa_rsassa_pkcs1_v15_verify" class="nav-sub-label">mbedtls_rsa_rsassa_pkcs1_v15_verify</a>
              </li>
      

              <li>
                <a href="#mbedtls_rsa_rsassa_pss_verify" class="nav-sub-label">mbedtls_rsa_rsassa_pss_verify</a>
              </li>
      

              <li>
                <a href="#mbedtls_rsa_rsassa_pss_verify_ext" class="nav-sub-label">mbedtls_rsa_rsassa_pss_verify_ext</a>
              </li>
      

              <li>
                <a href="#mbedtls_rsa_copy" class="nav-sub-label">mbedtls_rsa_copy</a>
              </li>
      

              <li>
                <a href="#mbedtls_rsa_free" class="nav-sub-label">mbedtls_rsa_free</a>
              </li>
      

              <li>
                <a href="#mbedtls_rsa_self_test" class="nav-sub-label">mbedtls_rsa_self_test</a>
              </li>
      
            </ul>
            
          </li>
          <li>
            <a href="#vars" class="nav-label">Vars</a>
            
            <ul class="nav-sub-list">
            
            </ul>
            
          </li>
          <li>
            <a href="#consts" class="nav-label">Consts</a>
            
            <ul class="nav-sub-list">
            
            </ul>
            
          </li>
          <li>
            <a href="#types" class="nav-label">Types</a>
            
            <ul class="nav-sub-list">
            
            </ul>
            
          </li>
          <li>
            <a href="#typedefs" class="nav-label">Typedefs</a>
             
            <ul class="nav-sub-list">

              <li>
                <a href="#
mbedtls_rsa_context;
" class="nav-sub-label">
mbedtls_rsa_context;
</a>
              </li>
      
            </ul>
            
          </li>
        </ul>
      </nav>
    </div>
    <div class="doc-content">
      <h2 id="Documentation" class="doc-title">Documentation</h2>
      <h3 id="includes">Includes</h3>
      

      <h4 id="config.h"><span>config.h</span></h4>
      <pre class="doc-declare"><code>#include "config.h"
</code></pre>
      <pre class="doc-comment">#include "config.h"
</pre>

      <h4 id="MBEDTLS_CONFIG_FILE"><span>MBEDTLS_CONFIG_FILE</span></h4>
      <pre class="doc-declare"><code>#include MBEDTLS_CONFIG_FILE
</code></pre>
      <pre class="doc-comment">#include MBEDTLS_CONFIG_FILE
</pre>

      <h4 id="bignum.h"><span>bignum.h</span></h4>
      <pre class="doc-declare"><code>#include "bignum.h"
</code></pre>
      <pre class="doc-comment">#include "bignum.h"
</pre>

      <h4 id="md.h"><span>md.h</span></h4>
      <pre class="doc-declare"><code>#include "md.h"
</code></pre>
      <pre class="doc-comment">#include "md.h"
</pre>

      <h4 id="threading.h"><span>threading.h</span></h4>
      <pre class="doc-declare"><code>#include "threading.h"
</code></pre>
      <pre class="doc-comment">#include "threading.h"
</pre>

      <h4 id="rsa_alt.h"><span>rsa_alt.h</span></h4>
      <pre class="doc-declare"><code>#include "rsa_alt.h"
</code></pre>
      <pre class="doc-comment">#include "rsa_alt.h"
</pre>
      <h3 id="macros">Macros</h3>
      

      <h4 id="MBEDTLS_RSA_H">Marco <span>MBEDTLS_RSA_H</span></h4>
      <pre class="doc-declare"><code>#define MBEDTLS_RSA_H
</code></pre>
      <pre class="doc-comment"></pre>

      <h4 id="MBEDTLS_ERR_RSA_BAD_INPUT_DATA">Marco <span>MBEDTLS_ERR_RSA_BAD_INPUT_DATA</span></h4>
      <pre class="doc-declare"><code>#define MBEDTLS_ERR_RSA_BAD_INPUT_DATA                   -16512 /**< Bad input parameters to function. */
</code></pre>
      <pre class="doc-comment">/*
 * RSA Error codes
 */</pre>

      <h4 id="MBEDTLS_ERR_RSA_INVALID_PADDING">Marco <span>MBEDTLS_ERR_RSA_INVALID_PADDING</span></h4>
      <pre class="doc-declare"><code>#define MBEDTLS_ERR_RSA_INVALID_PADDING                  -16640 /**< Input data contains invalid padding and is rejected. */
</code></pre>
      <pre class="doc-comment"></pre>

      <h4 id="MBEDTLS_ERR_RSA_KEY_GEN_FAILED">Marco <span>MBEDTLS_ERR_RSA_KEY_GEN_FAILED</span></h4>
      <pre class="doc-declare"><code>#define MBEDTLS_ERR_RSA_KEY_GEN_FAILED                   -16768 /**< Something failed during generation of a key. */
</code></pre>
      <pre class="doc-comment"></pre>

      <h4 id="MBEDTLS_ERR_RSA_KEY_CHECK_FAILED">Marco <span>MBEDTLS_ERR_RSA_KEY_CHECK_FAILED</span></h4>
      <pre class="doc-declare"><code>#define MBEDTLS_ERR_RSA_KEY_CHECK_FAILED                 -16896 /**< Key failed to pass the validity check of the library. */
</code></pre>
      <pre class="doc-comment"></pre>

      <h4 id="MBEDTLS_ERR_RSA_PUBLIC_FAILED">Marco <span>MBEDTLS_ERR_RSA_PUBLIC_FAILED</span></h4>
      <pre class="doc-declare"><code>#define MBEDTLS_ERR_RSA_PUBLIC_FAILED                    -17024 /**< The public key operation failed. */
</code></pre>
      <pre class="doc-comment"></pre>

      <h4 id="MBEDTLS_ERR_RSA_PRIVATE_FAILED">Marco <span>MBEDTLS_ERR_RSA_PRIVATE_FAILED</span></h4>
      <pre class="doc-declare"><code>#define MBEDTLS_ERR_RSA_PRIVATE_FAILED                   -17152 /**< The private key operation failed. */
</code></pre>
      <pre class="doc-comment"></pre>

      <h4 id="MBEDTLS_ERR_RSA_VERIFY_FAILED">Marco <span>MBEDTLS_ERR_RSA_VERIFY_FAILED</span></h4>
      <pre class="doc-declare"><code>#define MBEDTLS_ERR_RSA_VERIFY_FAILED                    -17280 /**< The PKCS#1 verification failed. */
</code></pre>
      <pre class="doc-comment"></pre>

      <h4 id="MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE">Marco <span>MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE</span></h4>
      <pre class="doc-declare"><code>#define MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE                 -17408 /**< The output buffer for decryption is not large enough. */
</code></pre>
      <pre class="doc-comment"></pre>

      <h4 id="MBEDTLS_ERR_RSA_RNG_FAILED">Marco <span>MBEDTLS_ERR_RSA_RNG_FAILED</span></h4>
      <pre class="doc-declare"><code>#define MBEDTLS_ERR_RSA_RNG_FAILED                       -17536 /**< The random generator failed to generate non-zeros. */
</code></pre>
      <pre class="doc-comment"></pre>

      <h4 id="MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION">Marco <span>MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION</span></h4>
      <pre class="doc-declare"><code>#define MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION            -17664 /**< The implementation does not offer the requested operation, for example, because of security violations or lack of functionality. */
</code></pre>
      <pre class="doc-comment">/* MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION is deprecated and should not be used.
 */</pre>

      <h4 id="MBEDTLS_ERR_RSA_HW_ACCEL_FAILED">Marco <span>MBEDTLS_ERR_RSA_HW_ACCEL_FAILED</span></h4>
      <pre class="doc-declare"><code>#define MBEDTLS_ERR_RSA_HW_ACCEL_FAILED                  -17792 /**< RSA hardware accelerator failed. */
</code></pre>
      <pre class="doc-comment">/* MBEDTLS_ERR_RSA_HW_ACCEL_FAILED is deprecated and should not be used. */</pre>

      <h4 id="MBEDTLS_RSA_PUBLIC">Marco <span>MBEDTLS_RSA_PUBLIC</span></h4>
      <pre class="doc-declare"><code>#define MBEDTLS_RSA_PUBLIC     0 /**< Request private key operation. */
</code></pre>
      <pre class="doc-comment">/*
 * RSA constants
 */</pre>

      <h4 id="MBEDTLS_RSA_PRIVATE">Marco <span>MBEDTLS_RSA_PRIVATE</span></h4>
      <pre class="doc-declare"><code>#define MBEDTLS_RSA_PRIVATE    1 /**< Request public key operation. */
</code></pre>
      <pre class="doc-comment"></pre>

      <h4 id="MBEDTLS_RSA_PKCS_V15">Marco <span>MBEDTLS_RSA_PKCS_V15</span></h4>
      <pre class="doc-declare"><code>#define MBEDTLS_RSA_PKCS_V15   0 /**< Use PKCS#1 v1.5 encoding. */
</code></pre>
      <pre class="doc-comment"></pre>

      <h4 id="MBEDTLS_RSA_PKCS_V21">Marco <span>MBEDTLS_RSA_PKCS_V21</span></h4>
      <pre class="doc-declare"><code>#define MBEDTLS_RSA_PKCS_V21   1 /**< Use PKCS#1 v2.1 encoding. */
</code></pre>
      <pre class="doc-comment"></pre>

      <h4 id="MBEDTLS_RSA_SIGN">Marco <span>MBEDTLS_RSA_SIGN</span></h4>
      <pre class="doc-declare"><code>#define MBEDTLS_RSA_SIGN       1 /**< Identifier for RSA signature operations. */
</code></pre>
      <pre class="doc-comment"></pre>

      <h4 id="MBEDTLS_RSA_CRYPT">Marco <span>MBEDTLS_RSA_CRYPT</span></h4>
      <pre class="doc-declare"><code>#define MBEDTLS_RSA_CRYPT      2 /**< Identifier for RSA encryption and decryption operations. */
</code></pre>
      <pre class="doc-comment"></pre>

      <h4 id="MBEDTLS_RSA_SALT_LEN_ANY">Marco <span>MBEDTLS_RSA_SALT_LEN_ANY</span></h4>
      <pre class="doc-declare"><code>#define MBEDTLS_RSA_SALT_LEN_ANY   -1
</code></pre>
      <pre class="doc-comment"></pre>
      <h3 id="functions">Functions</h3>
      

      <h4 id="mbedtls_rsa_init">Func <span>mbedtls_rsa_init</span></h4>
      <pre class="doc-declare"><code>void mbedtls_rsa_init( mbedtls_rsa_context *ctx,
                      int padding,
                      int hash_id );</code></pre>
      <pre class="doc-comment">/**
 * \brief          This function initializes an RSA context.
 *
 * \note           Set padding to #MBEDTLS_RSA_PKCS_V21 for the RSAES-OAEP
 *                 encryption scheme and the RSASSA-PSS signature scheme.
 *
 * \note           The \p hash_id parameter is ignored when using
 *                 #MBEDTLS_RSA_PKCS_V15 padding.
 *
 * \note           The choice of padding mode is strictly enforced for private key
 *                 operations, since there might be security concerns in
 *                 mixing padding modes. For public key operations it is
 *                 a default value, which can be overriden by calling specific
 *                 \c rsa_rsaes_xxx or \c rsa_rsassa_xxx functions.
 *
 * \note           The hash selected in \p hash_id is always used for OEAP
 *                 encryption. For PSS signatures, it is always used for
 *                 making signatures, but can be overriden for verifying them.
 *                 If set to #MBEDTLS_MD_NONE, it is always overriden.
 *
 * \param ctx      The RSA context to initialize. This must not be \c NULL.
 * \param padding  The padding mode to use. This must be either
 *                 #MBEDTLS_RSA_PKCS_V15 or #MBEDTLS_RSA_PKCS_V21.
 * \param hash_id  The hash identifier of ::mbedtls_md_type_t type, if
 *                 \p padding is #MBEDTLS_RSA_PKCS_V21. It is unused
 *                 otherwise.
 */</pre>

      <h4 id="mbedtls_rsa_import">Func <span>mbedtls_rsa_import</span></h4>
      <pre class="doc-declare"><code>int mbedtls_rsa_import( mbedtls_rsa_context *ctx,
                       const mbedtls_mpi *N,
                       const mbedtls_mpi *P, const mbedtls_mpi *Q,
                       const mbedtls_mpi *D, const mbedtls_mpi *E );</code></pre>
      <pre class="doc-comment">/**
 * \brief          This function imports a set of core parameters into an
 *                 RSA context.
 *
 * \note           This function can be called multiple times for successive
 *                 imports, if the parameters are not simultaneously present.
 *
 *                 Any sequence of calls to this function should be followed
 *                 by a call to mbedtls_rsa_complete(), which checks and
 *                 completes the provided information to a ready-for-use
 *                 public or private RSA key.
 *
 * \note           See mbedtls_rsa_complete() for more information on which
 *                 parameters are necessary to set up a private or public
 *                 RSA key.
 *
 * \note           The imported parameters are copied and need not be preserved
 *                 for the lifetime of the RSA context being set up.
 *
 * \param ctx      The initialized RSA context to store the parameters in.
 * \param N        The RSA modulus. This may be \c NULL.
 * \param P        The first prime factor of \p N. This may be \c NULL.
 * \param Q        The second prime factor of \p N. This may be \c NULL.
 * \param D        The private exponent. This may be \c NULL.
 * \param E        The public exponent. This may be \c NULL.
 *
 * \return         \c 0 on success.
 * \return         A non-zero error code on failure.
 */</pre>

      <h4 id="mbedtls_rsa_import_raw">Func <span>mbedtls_rsa_import_raw</span></h4>
      <pre class="doc-declare"><code>int mbedtls_rsa_import_raw( mbedtls_rsa_context *ctx,
                           unsigned char const *N, size_t N_len,
                           unsigned char const *P, size_t P_len,
                           unsigned char const *Q, size_t Q_len,
                           unsigned char const *D, size_t D_len,
                           unsigned char const *E, size_t E_len );</code></pre>
      <pre class="doc-comment">/**
 * \brief          This function imports core RSA parameters, in raw big-endian
 *                 binary format, into an RSA context.
 *
 * \note           This function can be called multiple times for successive
 *                 imports, if the parameters are not simultaneously present.
 *
 *                 Any sequence of calls to this function should be followed
 *                 by a call to mbedtls_rsa_complete(), which checks and
 *                 completes the provided information to a ready-for-use
 *                 public or private RSA key.
 *
 * \note           See mbedtls_rsa_complete() for more information on which
 *                 parameters are necessary to set up a private or public
 *                 RSA key.
 *
 * \note           The imported parameters are copied and need not be preserved
 *                 for the lifetime of the RSA context being set up.
 *
 * \param ctx      The initialized RSA context to store the parameters in.
 * \param N        The RSA modulus. This may be \c NULL.
 * \param N_len    The Byte length of \p N; it is ignored if \p N == NULL.
 * \param P        The first prime factor of \p N. This may be \c NULL.
 * \param P_len    The Byte length of \p P; it ns ignored if \p P == NULL.
 * \param Q        The second prime factor of \p N. This may be \c NULL.
 * \param Q_len    The Byte length of \p Q; it is ignored if \p Q == NULL.
 * \param D        The private exponent. This may be \c NULL.
 * \param D_len    The Byte length of \p D; it is ignored if \p D == NULL.
 * \param E        The public exponent. This may be \c NULL.
 * \param E_len    The Byte length of \p E; it is ignored if \p E == NULL.
 *
 * \return         \c 0 on success.
 * \return         A non-zero error code on failure.
 */</pre>

      <h4 id="mbedtls_rsa_complete">Func <span>mbedtls_rsa_complete</span></h4>
      <pre class="doc-declare"><code>int mbedtls_rsa_complete( mbedtls_rsa_context *ctx );</code></pre>
      <pre class="doc-comment">/**
 * \brief          This function completes an RSA context from
 *                 a set of imported core parameters.
 *
 *                 To setup an RSA public key, precisely \p N and \p E
 *                 must have been imported.
 *
 *                 To setup an RSA private key, sufficient information must
 *                 be present for the other parameters to be derivable.
 *
 *                 The default implementation supports the following:
 *                 <ul><li>Derive \p P, \p Q from \p N, \p D, \p E.</li>
 *                 <li>Derive \p N, \p D from \p P, \p Q, \p E.</li></ul>
 *                 Alternative implementations need not support these.
 *
 *                 If this function runs successfully, it guarantees that
 *                 the RSA context can be used for RSA operations without
 *                 the risk of failure or crash.
 *
 * \warning        This function need not perform consistency checks
 *                 for the imported parameters. In particular, parameters that
 *                 are not needed by the implementation might be silently
 *                 discarded and left unchecked. To check the consistency
 *                 of the key material, see mbedtls_rsa_check_privkey().
 *
 * \param ctx      The initialized RSA context holding imported parameters.
 *
 * \return         \c 0 on success.
 * \return         #MBEDTLS_ERR_RSA_BAD_INPUT_DATA if the attempted derivations
 *                 failed.
 *
 */</pre>

      <h4 id="mbedtls_rsa_export">Func <span>mbedtls_rsa_export</span></h4>
      <pre class="doc-declare"><code>int mbedtls_rsa_export( const mbedtls_rsa_context *ctx,
                       mbedtls_mpi *N, mbedtls_mpi *P, mbedtls_mpi *Q,
                       mbedtls_mpi *D, mbedtls_mpi *E );</code></pre>
      <pre class="doc-comment">/**
 * \brief          This function exports the core parameters of an RSA key.
 *
 *                 If this function runs successfully, the non-NULL buffers
 *                 pointed to by \p N, \p P, \p Q, \p D, and \p E are fully
 *                 written, with additional unused space filled leading by
 *                 zero Bytes.
 *
 *                 Possible reasons for returning
 *                 #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED:<ul>
 *                 <li>An alternative RSA implementation is in use, which
 *                 stores the key externally, and either cannot or should
 *                 not export it into RAM.</li>
 *                 <li>A SW or HW implementation might not support a certain
 *                 deduction. For example, \p P, \p Q from \p N, \p D,
 *                 and \p E if the former are not part of the
 *                 implementation.</li></ul>
 *
 *                 If the function fails due to an unsupported operation,
 *                 the RSA context stays intact and remains usable.
 *
 * \param ctx      The initialized RSA context.
 * \param N        The MPI to hold the RSA modulus.
 *                 This may be \c NULL if this field need not be exported.
 * \param P        The MPI to hold the first prime factor of \p N.
 *                 This may be \c NULL if this field need not be exported.
 * \param Q        The MPI to hold the second prime factor of \p N.
 *                 This may be \c NULL if this field need not be exported.
 * \param D        The MPI to hold the private exponent.
 *                 This may be \c NULL if this field need not be exported.
 * \param E        The MPI to hold the public exponent.
 *                 This may be \c NULL if this field need not be exported.
 *
 * \return         \c 0 on success.
 * \return         #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED if exporting the
 *                 requested parameters cannot be done due to missing
 *                 functionality or because of security policies.
 * \return         A non-zero return code on any other failure.
 *
 */</pre>

      <h4 id="mbedtls_rsa_export_raw">Func <span>mbedtls_rsa_export_raw</span></h4>
      <pre class="doc-declare"><code>int mbedtls_rsa_export_raw( const mbedtls_rsa_context *ctx,
                           unsigned char *N, size_t N_len,
                           unsigned char *P, size_t P_len,
                           unsigned char *Q, size_t Q_len,
                           unsigned char *D, size_t D_len,
                           unsigned char *E, size_t E_len );</code></pre>
      <pre class="doc-comment">/**
 * \brief          This function exports core parameters of an RSA key
 *                 in raw big-endian binary format.
 *
 *                 If this function runs successfully, the non-NULL buffers
 *                 pointed to by \p N, \p P, \p Q, \p D, and \p E are fully
 *                 written, with additional unused space filled leading by
 *                 zero Bytes.
 *
 *                 Possible reasons for returning
 *                 #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED:<ul>
 *                 <li>An alternative RSA implementation is in use, which
 *                 stores the key externally, and either cannot or should
 *                 not export it into RAM.</li>
 *                 <li>A SW or HW implementation might not support a certain
 *                 deduction. For example, \p P, \p Q from \p N, \p D,
 *                 and \p E if the former are not part of the
 *                 implementation.</li></ul>
 *                 If the function fails due to an unsupported operation,
 *                 the RSA context stays intact and remains usable.
 *
 * \note           The length parameters are ignored if the corresponding
 *                 buffer pointers are NULL.
 *
 * \param ctx      The initialized RSA context.
 * \param N        The Byte array to store the RSA modulus,
 *                 or \c NULL if this field need not be exported.
 * \param N_len    The size of the buffer for the modulus.
 * \param P        The Byte array to hold the first prime factor of \p N,
 *                 or \c NULL if this field need not be exported.
 * \param P_len    The size of the buffer for the first prime factor.
 * \param Q        The Byte array to hold the second prime factor of \p N,
 *                 or \c NULL if this field need not be exported.
 * \param Q_len    The size of the buffer for the second prime factor.
 * \param D        The Byte array to hold the private exponent,
 *                 or \c NULL if this field need not be exported.
 * \param D_len    The size of the buffer for the private exponent.
 * \param E        The Byte array to hold the public exponent,
 *                 or \c NULL if this field need not be exported.
 * \param E_len    The size of the buffer for the public exponent.
 *
 * \return         \c 0 on success.
 * \return         #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED if exporting the
 *                 requested parameters cannot be done due to missing
 *                 functionality or because of security policies.
 * \return         A non-zero return code on any other failure.
 */</pre>

      <h4 id="mbedtls_rsa_export_crt">Func <span>mbedtls_rsa_export_crt</span></h4>
      <pre class="doc-declare"><code>int mbedtls_rsa_export_crt( const mbedtls_rsa_context *ctx,
                           mbedtls_mpi *DP, mbedtls_mpi *DQ, mbedtls_mpi *QP );</code></pre>
      <pre class="doc-comment">/**
 * \brief          This function exports CRT parameters of a private RSA key.
 *
 * \note           Alternative RSA implementations not using CRT-parameters
 *                 internally can implement this function based on
 *                 mbedtls_rsa_deduce_opt().
 *
 * \param ctx      The initialized RSA context.
 * \param DP       The MPI to hold \c D modulo `P-1`,
 *                 or \c NULL if it need not be exported.
 * \param DQ       The MPI to hold \c D modulo `Q-1`,
 *                 or \c NULL if it need not be exported.
 * \param QP       The MPI to hold modular inverse of \c Q modulo \c P,
 *                 or \c NULL if it need not be exported.
 *
 * \return         \c 0 on success.
 * \return         A non-zero error code on failure.
 *
 */</pre>

      <h4 id="mbedtls_rsa_set_padding">Func <span>mbedtls_rsa_set_padding</span></h4>
      <pre class="doc-declare"><code>void mbedtls_rsa_set_padding( mbedtls_rsa_context *ctx, int padding,
                             int hash_id );</code></pre>
      <pre class="doc-comment">/**
 * \brief          This function sets padding for an already initialized RSA
 *                 context. See mbedtls_rsa_init() for details.
 *
 * \param ctx      The initialized RSA context to be configured.
 * \param padding  The padding mode to use. This must be either
 *                 #MBEDTLS_RSA_PKCS_V15 or #MBEDTLS_RSA_PKCS_V21.
 * \param hash_id  The #MBEDTLS_RSA_PKCS_V21 hash identifier.
 */</pre>

      <h4 id="mbedtls_rsa_get_len">Func <span>mbedtls_rsa_get_len</span></h4>
      <pre class="doc-declare"><code>size_t mbedtls_rsa_get_len( const mbedtls_rsa_context *ctx );</code></pre>
      <pre class="doc-comment">/**
 * \brief          This function retrieves the length of RSA modulus in Bytes.
 *
 * \param ctx      The initialized RSA context.
 *
 * \return         The length of the RSA modulus in Bytes.
 *
 */</pre>

      <h4 id="mbedtls_rsa_gen_key">Func <span>mbedtls_rsa_gen_key</span></h4>
      <pre class="doc-declare"><code>int mbedtls_rsa_gen_key( mbedtls_rsa_context *ctx,
                        int (*f_rng)(void *, unsigned char *, size_t),
                        void *p_rng,
                        unsigned int nbits, int exponent );</code></pre>
      <pre class="doc-comment">/**
 * \brief          This function generates an RSA keypair.
 *
 * \note           mbedtls_rsa_init() must be called before this function,
 *                 to set up the RSA context.
 *
 * \param ctx      The initialized RSA context used to hold the key.
 * \param f_rng    The RNG function to be used for key generation.
 *                 This must not be \c NULL.
 * \param p_rng    The RNG context to be passed to \p f_rng.
 *                 This may be \c NULL if \p f_rng doesn't need a context.
 * \param nbits    The size of the public key in bits.
 * \param exponent The public exponent to use. For example, \c 65537.
 *                 This must be odd and greater than \c 1.
 *
 * \return         \c 0 on success.
 * \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
 */</pre>

      <h4 id="mbedtls_rsa_check_pubkey">Func <span>mbedtls_rsa_check_pubkey</span></h4>
      <pre class="doc-declare"><code>int mbedtls_rsa_check_pubkey( const mbedtls_rsa_context *ctx );</code></pre>
      <pre class="doc-comment">/**
 * \brief          This function checks if a context contains at least an RSA
 *                 public key.
 *
 *                 If the function runs successfully, it is guaranteed that
 *                 enough information is present to perform an RSA public key
 *                 operation using mbedtls_rsa_public().
 *
 * \param ctx      The initialized RSA context to check.
 *
 * \return         \c 0 on success.
 * \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
 *
 */</pre>

      <h4 id="mbedtls_rsa_check_privkey">Func <span>mbedtls_rsa_check_privkey</span></h4>
      <pre class="doc-declare"><code>int mbedtls_rsa_check_privkey( const mbedtls_rsa_context *ctx );</code></pre>
      <pre class="doc-comment">/**
 * \brief      This function checks if a context contains an RSA private key
 *             and perform basic consistency checks.
 *
 * \note       The consistency checks performed by this function not only
 *             ensure that mbedtls_rsa_private() can be called successfully
 *             on the given context, but that the various parameters are
 *             mutually consistent with high probability, in the sense that
 *             mbedtls_rsa_public() and mbedtls_rsa_private() are inverses.
 *
 * \warning    This function should catch accidental misconfigurations
 *             like swapping of parameters, but it cannot establish full
 *             trust in neither the quality nor the consistency of the key
 *             material that was used to setup the given RSA context:
 *             <ul><li>Consistency: Imported parameters that are irrelevant
 *             for the implementation might be silently dropped. If dropped,
 *             the current function does not have access to them,
 *             and therefore cannot check them. See mbedtls_rsa_complete().
 *             If you want to check the consistency of the entire
 *             content of an PKCS1-encoded RSA private key, for example, you
 *             should use mbedtls_rsa_validate_params() before setting
 *             up the RSA context.
 *             Additionally, if the implementation performs empirical checks,
 *             these checks substantiate but do not guarantee consistency.</li>
 *             <li>Quality: This function is not expected to perform
 *             extended quality assessments like checking that the prime
 *             factors are safe. Additionally, it is the responsibility of the
 *             user to ensure the trustworthiness of the source of his RSA
 *             parameters, which goes beyond what is effectively checkable
 *             by the library.</li></ul>
 *
 * \param ctx  The initialized RSA context to check.
 *
 * \return     \c 0 on success.
 * \return     An \c MBEDTLS_ERR_RSA_XXX error code on failure.
 */</pre>

      <h4 id="mbedtls_rsa_check_pub_priv">Func <span>mbedtls_rsa_check_pub_priv</span></h4>
      <pre class="doc-declare"><code>int mbedtls_rsa_check_pub_priv( const mbedtls_rsa_context *pub,
                               const mbedtls_rsa_context *prv );</code></pre>
      <pre class="doc-comment">/**
 * \brief          This function checks a public-private RSA key pair.
 *
 *                 It checks each of the contexts, and makes sure they match.
 *
 * \param pub      The initialized RSA context holding the public key.
 * \param prv      The initialized RSA context holding the private key.
 *
 * \return         \c 0 on success.
 * \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
 */</pre>

      <h4 id="mbedtls_rsa_public">Func <span>mbedtls_rsa_public</span></h4>
      <pre class="doc-declare"><code>int mbedtls_rsa_public( mbedtls_rsa_context *ctx,
               const unsigned char *input,
               unsigned char *output );</code></pre>
      <pre class="doc-comment">/**
 * \brief          This function performs an RSA public key operation.
 *
 * \param ctx      The initialized RSA context to use.
 * \param input    The input buffer. This must be a readable buffer
 *                 of length \c ctx->len Bytes. For example, \c 256 Bytes
 *                 for an 2048-bit RSA modulus.
 * \param output   The output buffer. This must be a writable buffer
 *                 of length \c ctx->len Bytes. For example, \c 256 Bytes
 *                 for an 2048-bit RSA modulus.
 *
 * \note           This function does not handle message padding.
 *
 * \note           Make sure to set \p input[0] = 0 or ensure that
 *                 input is smaller than \p N.
 *
 * \return         \c 0 on success.
 * \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
 */</pre>

      <h4 id="mbedtls_rsa_private">Func <span>mbedtls_rsa_private</span></h4>
      <pre class="doc-declare"><code>int mbedtls_rsa_private( mbedtls_rsa_context *ctx,
                int (*f_rng)(void *, unsigned char *, size_t),
                void *p_rng,
                const unsigned char *input,
                unsigned char *output );</code></pre>
      <pre class="doc-comment">/**
 * \brief          This function performs an RSA private key operation.
 *
 * \note           Blinding is used if and only if a PRNG is provided.
 *
 * \note           If blinding is used, both the base of exponentation
 *                 and the exponent are blinded, providing protection
 *                 against some side-channel attacks.
 *
 * \warning        It is deprecated and a security risk to not provide
 *                 a PRNG here and thereby prevent the use of blinding.
 *                 Future versions of the library may enforce the presence
 *                 of a PRNG.
 *
 * \param ctx      The initialized RSA context to use.
 * \param f_rng    The RNG function, used for blinding. It is discouraged
 *                 and deprecated to pass \c NULL here, in which case
 *                 blinding will be omitted.
 * \param p_rng    The RNG context to pass to \p f_rng. This may be \c NULL
 *                 if \p f_rng is \c NULL or if \p f_rng doesn't need a context.
 * \param input    The input buffer. This must be a readable buffer
 *                 of length \c ctx->len Bytes. For example, \c 256 Bytes
 *                 for an 2048-bit RSA modulus.
 * \param output   The output buffer. This must be a writable buffer
 *                 of length \c ctx->len Bytes. For example, \c 256 Bytes
 *                 for an 2048-bit RSA modulus.
 *
 * \return         \c 0 on success.
 * \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
 *
 */</pre>

      <h4 id="mbedtls_rsa_pkcs1_encrypt">Func <span>mbedtls_rsa_pkcs1_encrypt</span></h4>
      <pre class="doc-declare"><code>int mbedtls_rsa_pkcs1_encrypt( mbedtls_rsa_context *ctx,
                      int (*f_rng)(void *, unsigned char *, size_t),
                      void *p_rng,
                      int mode, size_t ilen,
                      const unsigned char *input,
                      unsigned char *output );</code></pre>
      <pre class="doc-comment">/**
 * \brief          This function adds the message padding, then performs an RSA
 *                 operation.
 *
 *                 It is the generic wrapper for performing a PKCS#1 encryption
 *                 operation using the \p mode from the context.
 *
 * \deprecated     It is deprecated and discouraged to call this function
 *                 in #MBEDTLS_RSA_PRIVATE mode. Future versions of the library
 *                 are likely to remove the \p mode argument and have it
 *                 implicitly set to #MBEDTLS_RSA_PUBLIC.
 *
 * \note           Alternative implementations of RSA need not support
 *                 mode being set to #MBEDTLS_RSA_PRIVATE and might instead
 *                 return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED.
 *
 * \param ctx      The initialized RSA context to use.
 * \param f_rng    The RNG to use. It is mandatory for PKCS#1 v2.1 padding
 *                 encoding, and for PKCS#1 v1.5 padding encoding when used
 *                 with \p mode set to #MBEDTLS_RSA_PUBLIC. For PKCS#1 v1.5
 *                 padding encoding and \p mode set to #MBEDTLS_RSA_PRIVATE,
 *                 it is used for blinding and should be provided in this
 *                 case; see mbedtls_rsa_private() for more.
 * \param p_rng    The RNG context to be passed to \p f_rng. May be
 *                 \c NULL if \p f_rng is \c NULL or if \p f_rng doesn't
 *                 need a context argument.
 * \param mode     The mode of operation. This must be either
 *                 #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE (deprecated).
 * \param ilen     The length of the plaintext in Bytes.
 * \param input    The input data to encrypt. This must be a readable
 *                 buffer of size \p ilen Bytes. This must not be \c NULL.
 * \param output   The output buffer. This must be a writable buffer
 *                 of length \c ctx->len Bytes. For example, \c 256 Bytes
 *                 for an 2048-bit RSA modulus.
 *
 * \return         \c 0 on success.
 * \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
 */</pre>

      <h4 id="mbedtls_rsa_rsaes_pkcs1_v15_encrypt">Func <span>mbedtls_rsa_rsaes_pkcs1_v15_encrypt</span></h4>
      <pre class="doc-declare"><code>int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx,
                                int (*f_rng)(void *, unsigned char *, size_t),
                                void *p_rng,
                                int mode, size_t ilen,
                                const unsigned char *input,
                                unsigned char *output );</code></pre>
      <pre class="doc-comment">/**
 * \brief          This function performs a PKCS#1 v1.5 encryption operation
 *                 (RSAES-PKCS1-v1_5-ENCRYPT).
 *
 * \deprecated     It is deprecated and discouraged to call this function
 *                 in #MBEDTLS_RSA_PRIVATE mode. Future versions of the library
 *                 are likely to remove the \p mode argument and have it
 *                 implicitly set to #MBEDTLS_RSA_PUBLIC.
 *
 * \note           Alternative implementations of RSA need not support
 *                 mode being set to #MBEDTLS_RSA_PRIVATE and might instead
 *                 return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED.
 *
 * \param ctx      The initialized RSA context to use.
 * \param f_rng    The RNG function to use. It is needed for padding generation
 *                 if \p mode is #MBEDTLS_RSA_PUBLIC. If \p mode is
 *                 #MBEDTLS_RSA_PRIVATE (discouraged), it is used for
 *                 blinding and should be provided; see mbedtls_rsa_private().
 * \param p_rng    The RNG context to be passed to \p f_rng. This may
 *                 be \c NULL if \p f_rng is \c NULL or if \p f_rng
 *                 doesn't need a context argument.
 * \param mode     The mode of operation. This must be either
 *                 #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE (deprecated).
 * \param ilen     The length of the plaintext in Bytes.
 * \param input    The input data to encrypt. This must be a readable
 *                 buffer of size \p ilen Bytes. This must not be \c NULL.
 * \param output   The output buffer. This must be a writable buffer
 *                 of length \c ctx->len Bytes. For example, \c 256 Bytes
 *                 for an 2048-bit RSA modulus.
 *
 * \return         \c 0 on success.
 * \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
 */</pre>

      <h4 id="mbedtls_rsa_rsaes_oaep_encrypt">Func <span>mbedtls_rsa_rsaes_oaep_encrypt</span></h4>
      <pre class="doc-declare"><code>int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx,
                           int (*f_rng)(void *, unsigned char *, size_t),
                           void *p_rng,
                           int mode,
                           const unsigned char *label, size_t label_len,
                           size_t ilen,
                           const unsigned char *input,
                           unsigned char *output );</code></pre>
      <pre class="doc-comment">/**
 * \brief            This function performs a PKCS#1 v2.1 OAEP encryption
 *                   operation (RSAES-OAEP-ENCRYPT).
 *
 * \note             The output buffer must be as large as the size
 *                   of ctx->N. For example, 128 Bytes if RSA-1024 is used.
 *
 * \deprecated       It is deprecated and discouraged to call this function
 *                   in #MBEDTLS_RSA_PRIVATE mode. Future versions of the library
 *                   are likely to remove the \p mode argument and have it
 *                   implicitly set to #MBEDTLS_RSA_PUBLIC.
 *
 * \note             Alternative implementations of RSA need not support
 *                   mode being set to #MBEDTLS_RSA_PRIVATE and might instead
 *                   return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED.
 *
 * \param ctx        The initnialized RSA context to use.
 * \param f_rng      The RNG function to use. This is needed for padding
 *                   generation and must be provided.
 * \param p_rng      The RNG context to be passed to \p f_rng. This may
 *                   be \c NULL if \p f_rng doesn't need a context argument.
 * \param mode       The mode of operation. This must be either
 *                   #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE (deprecated).
 * \param label      The buffer holding the custom label to use.
 *                   This must be a readable buffer of length \p label_len
 *                   Bytes. It may be \c NULL if \p label_len is \c 0.
 * \param label_len  The length of the label in Bytes.
 * \param ilen       The length of the plaintext buffer \p input in Bytes.
 * \param input      The input data to encrypt. This must be a readable
 *                   buffer of size \p ilen Bytes. This must not be \c NULL.
 * \param output     The output buffer. This must be a writable buffer
 *                   of length \c ctx->len Bytes. For example, \c 256 Bytes
 *                   for an 2048-bit RSA modulus.
 *
 * \return           \c 0 on success.
 * \return           An \c MBEDTLS_ERR_RSA_XXX error code on failure.
 */</pre>

      <h4 id="mbedtls_rsa_pkcs1_decrypt">Func <span>mbedtls_rsa_pkcs1_decrypt</span></h4>
      <pre class="doc-declare"><code>int mbedtls_rsa_pkcs1_decrypt( mbedtls_rsa_context *ctx,
                      int (*f_rng)(void *, unsigned char *, size_t),
                      void *p_rng,
                      int mode, size_t *olen,
                      const unsigned char *input,
                      unsigned char *output,
                      size_t output_max_len );</code></pre>
      <pre class="doc-comment">/**
 * \brief          This function performs an RSA operation, then removes the
 *                 message padding.
 *
 *                 It is the generic wrapper for performing a PKCS#1 decryption
 *                 operation using the \p mode from the context.
 *
 * \note           The output buffer length \c output_max_len should be
 *                 as large as the size \p ctx->len of \p ctx->N (for example,
 *                 128 Bytes if RSA-1024 is used) to be able to hold an
 *                 arbitrary decrypted message. If it is not large enough to
 *                 hold the decryption of the particular ciphertext provided,
 *                 the function returns \c MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE.
 *
 * \deprecated     It is deprecated and discouraged to call this function
 *                 in #MBEDTLS_RSA_PUBLIC mode. Future versions of the library
 *                 are likely to remove the \p mode argument and have it
 *                 implicitly set to #MBEDTLS_RSA_PRIVATE.
 *
 * \note           Alternative implementations of RSA need not support
 *                 mode being set to #MBEDTLS_RSA_PUBLIC and might instead
 *                 return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED.
 *
 * \param ctx      The initialized RSA context to use.
 * \param f_rng    The RNG function. If \p mode is #MBEDTLS_RSA_PRIVATE,
 *                 this is used for blinding and should be provided; see
 *                 mbedtls_rsa_private() for more. If \p mode is
 *                 #MBEDTLS_RSA_PUBLIC, it is ignored.
 * \param p_rng    The RNG context to be passed to \p f_rng. This may be
 *                 \c NULL if \p f_rng is \c NULL or doesn't need a context.
 * \param mode     The mode of operation. This must be either
 *                 #MBEDTLS_RSA_PRIVATE or #MBEDTLS_RSA_PUBLIC (deprecated).
 * \param olen     The address at which to store the length of
 *                 the plaintext. This must not be \c NULL.
 * \param input    The ciphertext buffer. This must be a readable buffer
 *                 of length \c ctx->len Bytes. For example, \c 256 Bytes
 *                 for an 2048-bit RSA modulus.
 * \param output   The buffer used to hold the plaintext. This must
 *                 be a writable buffer of length \p output_max_len Bytes.
 * \param output_max_len The length in Bytes of the output buffer \p output.
 *
 * \return         \c 0 on success.
 * \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
 */</pre>

      <h4 id="mbedtls_rsa_rsaes_pkcs1_v15_decrypt">Func <span>mbedtls_rsa_rsaes_pkcs1_v15_decrypt</span></h4>
      <pre class="doc-declare"><code>int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx,
                                int (*f_rng)(void *, unsigned char *, size_t),
                                void *p_rng,
                                int mode, size_t *olen,
                                const unsigned char *input,
                                unsigned char *output,
                                size_t output_max_len );</code></pre>
      <pre class="doc-comment">/**
 * \brief          This function performs a PKCS#1 v1.5 decryption
 *                 operation (RSAES-PKCS1-v1_5-DECRYPT).
 *
 * \note           The output buffer length \c output_max_len should be
 *                 as large as the size \p ctx->len of \p ctx->N, for example,
 *                 128 Bytes if RSA-1024 is used, to be able to hold an
 *                 arbitrary decrypted message. If it is not large enough to
 *                 hold the decryption of the particular ciphertext provided,
 *                 the function returns #MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE.
 *
 * \deprecated     It is deprecated and discouraged to call this function
 *                 in #MBEDTLS_RSA_PUBLIC mode. Future versions of the library
 *                 are likely to remove the \p mode argument and have it
 *                 implicitly set to #MBEDTLS_RSA_PRIVATE.
 *
 * \note           Alternative implementations of RSA need not support
 *                 mode being set to #MBEDTLS_RSA_PUBLIC and might instead
 *                 return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED.
 *
 * \param ctx      The initialized RSA context to use.
 * \param f_rng    The RNG function. If \p mode is #MBEDTLS_RSA_PRIVATE,
 *                 this is used for blinding and should be provided; see
 *                 mbedtls_rsa_private() for more. If \p mode is
 *                 #MBEDTLS_RSA_PUBLIC, it is ignored.
 * \param p_rng    The RNG context to be passed to \p f_rng. This may be
 *                 \c NULL if \p f_rng is \c NULL or doesn't need a context.
 * \param mode     The mode of operation. This must be either
 *                 #MBEDTLS_RSA_PRIVATE or #MBEDTLS_RSA_PUBLIC (deprecated).
 * \param olen     The address at which to store the length of
 *                 the plaintext. This must not be \c NULL.
 * \param input    The ciphertext buffer. This must be a readable buffer
 *                 of length \c ctx->len Bytes. For example, \c 256 Bytes
 *                 for an 2048-bit RSA modulus.
 * \param output   The buffer used to hold the plaintext. This must
 *                 be a writable buffer of length \p output_max_len Bytes.
 * \param output_max_len The length in Bytes of the output buffer \p output.
 *
 * \return         \c 0 on success.
 * \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
 *
 */</pre>

      <h4 id="mbedtls_rsa_rsaes_oaep_decrypt">Func <span>mbedtls_rsa_rsaes_oaep_decrypt</span></h4>
      <pre class="doc-declare"><code>int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx,
                           int (*f_rng)(void *, unsigned char *, size_t),
                           void *p_rng,
                           int mode,
                           const unsigned char *label, size_t label_len,
                           size_t *olen,
                           const unsigned char *input,
                           unsigned char *output,
                           size_t output_max_len );</code></pre>
      <pre class="doc-comment">/**
 * \brief            This function performs a PKCS#1 v2.1 OAEP decryption
 *                   operation (RSAES-OAEP-DECRYPT).
 *
 * \note             The output buffer length \c output_max_len should be
 *                   as large as the size \p ctx->len of \p ctx->N, for
 *                   example, 128 Bytes if RSA-1024 is used, to be able to
 *                   hold an arbitrary decrypted message. If it is not
 *                   large enough to hold the decryption of the particular
 *                   ciphertext provided, the function returns
 *                   #MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE.
 *
 * \deprecated       It is deprecated and discouraged to call this function
 *                   in #MBEDTLS_RSA_PUBLIC mode. Future versions of the library
 *                   are likely to remove the \p mode argument and have it
 *                   implicitly set to #MBEDTLS_RSA_PRIVATE.
 *
 * \note             Alternative implementations of RSA need not support
 *                   mode being set to #MBEDTLS_RSA_PUBLIC and might instead
 *                   return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED.
 *
 * \param ctx        The initialized RSA context to use.
 * \param f_rng      The RNG function. If \p mode is #MBEDTLS_RSA_PRIVATE,
 *                   this is used for blinding and should be provided; see
 *                   mbedtls_rsa_private() for more. If \p mode is
 *                   #MBEDTLS_RSA_PUBLIC, it is ignored.
 * \param p_rng      The RNG context to be passed to \p f_rng. This may be
 *                   \c NULL if \p f_rng is \c NULL or doesn't need a context.
 * \param mode       The mode of operation. This must be either
 *                   #MBEDTLS_RSA_PRIVATE or #MBEDTLS_RSA_PUBLIC (deprecated).
 * \param label      The buffer holding the custom label to use.
 *                   This must be a readable buffer of length \p label_len
 *                   Bytes. It may be \c NULL if \p label_len is \c 0.
 * \param label_len  The length of the label in Bytes.
 * \param olen       The address at which to store the length of
 *                   the plaintext. This must not be \c NULL.
 * \param input      The ciphertext buffer. This must be a readable buffer
 *                   of length \c ctx->len Bytes. For example, \c 256 Bytes
 *                   for an 2048-bit RSA modulus.
 * \param output     The buffer used to hold the plaintext. This must
 *                   be a writable buffer of length \p output_max_len Bytes.
 * \param output_max_len The length in Bytes of the output buffer \p output.
 *
 * \return         \c 0 on success.
 * \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
 */</pre>

      <h4 id="mbedtls_rsa_pkcs1_sign">Func <span>mbedtls_rsa_pkcs1_sign</span></h4>
      <pre class="doc-declare"><code>int mbedtls_rsa_pkcs1_sign( mbedtls_rsa_context *ctx,
                   int (*f_rng)(void *, unsigned char *, size_t),
                   void *p_rng,
                   int mode,
                   mbedtls_md_type_t md_alg,
                   unsigned int hashlen,
                   const unsigned char *hash,
                   unsigned char *sig );</code></pre>
      <pre class="doc-comment">/**
 * \brief          This function performs a private RSA operation to sign
 *                 a message digest using PKCS#1.
 *
 *                 It is the generic wrapper for performing a PKCS#1
 *                 signature using the \p mode from the context.
 *
 * \note           The \p sig buffer must be as large as the size
 *                 of \p ctx->N. For example, 128 Bytes if RSA-1024 is used.
 *
 * \note           For PKCS#1 v2.1 encoding, see comments on
 *                 mbedtls_rsa_rsassa_pss_sign() for details on
 *                 \p md_alg and \p hash_id.
 *
 * \deprecated     It is deprecated and discouraged to call this function
 *                 in #MBEDTLS_RSA_PUBLIC mode. Future versions of the library
 *                 are likely to remove the \p mode argument and have it
 *                 implicitly set to #MBEDTLS_RSA_PRIVATE.
 *
 * \note           Alternative implementations of RSA need not support
 *                 mode being set to #MBEDTLS_RSA_PUBLIC and might instead
 *                 return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED.
 *
 * \param ctx      The initialized RSA context to use.
 * \param f_rng    The RNG function to use. If the padding mode is PKCS#1 v2.1,
 *                 this must be provided. If the padding mode is PKCS#1 v1.5 and
 *                 \p mode is #MBEDTLS_RSA_PRIVATE, it is used for blinding
 *                 and should be provided; see mbedtls_rsa_private() for more
 *                 more. It is ignored otherwise.
 * \param p_rng    The RNG context to be passed to \p f_rng. This may be \c NULL
 *                 if \p f_rng is \c NULL or doesn't need a context argument.
 * \param mode     The mode of operation. This must be either
 *                 #MBEDTLS_RSA_PRIVATE or #MBEDTLS_RSA_PUBLIC (deprecated).
 * \param md_alg   The message-digest algorithm used to hash the original data.
 *                 Use #MBEDTLS_MD_NONE for signing raw data.
 * \param hashlen  The length of the message digest.
 *                 Ths is only used if \p md_alg is #MBEDTLS_MD_NONE.
 * \param hash     The buffer holding the message digest or raw data.
 *                 If \p md_alg is #MBEDTLS_MD_NONE, this must be a readable
 *                 buffer of length \p hashlen Bytes. If \p md_alg is not
 *                 #MBEDTLS_MD_NONE, it must be a readable buffer of length
 *                 the size of the hash corresponding to \p md_alg.
 * \param sig      The buffer to hold the signature. This must be a writable
 *                 buffer of length \c ctx->len Bytes. For example, \c 256 Bytes
 *                 for an 2048-bit RSA modulus.
 *
 * \return         \c 0 if the signing operation was successful.
 * \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
 */</pre>

      <h4 id="mbedtls_rsa_rsassa_pkcs1_v15_sign">Func <span>mbedtls_rsa_rsassa_pkcs1_v15_sign</span></h4>
      <pre class="doc-declare"><code>int mbedtls_rsa_rsassa_pkcs1_v15_sign( mbedtls_rsa_context *ctx,
                              int (*f_rng)(void *, unsigned char *, size_t),
                              void *p_rng,
                              int mode,
                              mbedtls_md_type_t md_alg,
                              unsigned int hashlen,
                              const unsigned char *hash,
                              unsigned char *sig );</code></pre>
      <pre class="doc-comment">/**
 * \brief          This function performs a PKCS#1 v1.5 signature
 *                 operation (RSASSA-PKCS1-v1_5-SIGN).
 *
 * \deprecated     It is deprecated and discouraged to call this function
 *                 in #MBEDTLS_RSA_PUBLIC mode. Future versions of the library
 *                 are likely to remove the \p mode argument and have it
 *                 implicitly set to #MBEDTLS_RSA_PRIVATE.
 *
 * \note           Alternative implementations of RSA need not support
 *                 mode being set to #MBEDTLS_RSA_PUBLIC and might instead
 *                 return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED.
 *
 * \param ctx      The initialized RSA context to use.
 * \param f_rng    The RNG function. If \p mode is #MBEDTLS_RSA_PRIVATE,
 *                 this is used for blinding and should be provided; see
 *                 mbedtls_rsa_private() for more. If \p mode is
 *                 #MBEDTLS_RSA_PUBLIC, it is ignored.
 * \param p_rng    The RNG context to be passed to \p f_rng. This may be \c NULL
 *                 if \p f_rng is \c NULL or doesn't need a context argument.
 * \param mode     The mode of operation. This must be either
 *                 #MBEDTLS_RSA_PRIVATE or #MBEDTLS_RSA_PUBLIC (deprecated).
 * \param md_alg   The message-digest algorithm used to hash the original data.
 *                 Use #MBEDTLS_MD_NONE for signing raw data.
 * \param hashlen  The length of the message digest.
 *                 Ths is only used if \p md_alg is #MBEDTLS_MD_NONE.
 * \param hash     The buffer holding the message digest or raw data.
 *                 If \p md_alg is #MBEDTLS_MD_NONE, this must be a readable
 *                 buffer of length \p hashlen Bytes. If \p md_alg is not
 *                 #MBEDTLS_MD_NONE, it must be a readable buffer of length
 *                 the size of the hash corresponding to \p md_alg.
 * \param sig      The buffer to hold the signature. This must be a writable
 *                 buffer of length \c ctx->len Bytes. For example, \c 256 Bytes
 *                 for an 2048-bit RSA modulus.
 *
 * \return         \c 0 if the signing operation was successful.
 * \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
 */</pre>

      <h4 id="mbedtls_rsa_rsassa_pss_sign">Func <span>mbedtls_rsa_rsassa_pss_sign</span></h4>
      <pre class="doc-declare"><code>int mbedtls_rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx,
                        int (*f_rng)(void *, unsigned char *, size_t),
                        void *p_rng,
                        int mode,
                        mbedtls_md_type_t md_alg,
                        unsigned int hashlen,
                        const unsigned char *hash,
                        unsigned char *sig );</code></pre>
      <pre class="doc-comment">/**
 * \brief          This function performs a PKCS#1 v2.1 PSS signature
 *                 operation (RSASSA-PSS-SIGN).
 *
 * \note           The \p hash_id in the RSA context is the one used for the
 *                 encoding. \p md_alg in the function call is the type of hash
 *                 that is encoded. According to <em>RFC-3447: Public-Key
 *                 Cryptography Standards (PKCS) #1 v2.1: RSA Cryptography
 *                 Specifications</em> it is advised to keep both hashes the
 *                 same.
 *
 * \note           This function always uses the maximum possible salt size,
 *                 up to the length of the payload hash. This choice of salt
 *                 size complies with FIPS 186-4 §5.5 (e) and RFC 8017 (PKCS#1
 *                 v2.2) §9.1.1 step 3. Furthermore this function enforces a
 *                 minimum salt size which is the hash size minus 2 bytes. If
 *                 this minimum size is too large given the key size (the salt
 *                 size, plus the hash size, plus 2 bytes must be no more than
 *                 the key size in bytes), this function returns
 *                 #MBEDTLS_ERR_RSA_BAD_INPUT_DATA.
 *
 * \deprecated     It is deprecated and discouraged to call this function
 *                 in #MBEDTLS_RSA_PUBLIC mode. Future versions of the library
 *                 are likely to remove the \p mode argument and have it
 *                 implicitly set to #MBEDTLS_RSA_PRIVATE.
 *
 * \note           Alternative implementations of RSA need not support
 *                 mode being set to #MBEDTLS_RSA_PUBLIC and might instead
 *                 return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED.
 *
 * \param ctx      The initialized RSA context to use.
 * \param f_rng    The RNG function. It must not be \c NULL.
 * \param p_rng    The RNG context to be passed to \p f_rng. This may be \c NULL
 *                 if \p f_rng doesn't need a context argument.
 * \param mode     The mode of operation. This must be either
 *                 #MBEDTLS_RSA_PRIVATE or #MBEDTLS_RSA_PUBLIC (deprecated).
 * \param md_alg   The message-digest algorithm used to hash the original data.
 *                 Use #MBEDTLS_MD_NONE for signing raw data.
 * \param hashlen  The length of the message digest.
 *                 Ths is only used if \p md_alg is #MBEDTLS_MD_NONE.
 * \param hash     The buffer holding the message digest or raw data.
 *                 If \p md_alg is #MBEDTLS_MD_NONE, this must be a readable
 *                 buffer of length \p hashlen Bytes. If \p md_alg is not
 *                 #MBEDTLS_MD_NONE, it must be a readable buffer of length
 *                 the size of the hash corresponding to \p md_alg.
 * \param sig      The buffer to hold the signature. This must be a writable
 *                 buffer of length \c ctx->len Bytes. For example, \c 256 Bytes
 *                 for an 2048-bit RSA modulus.
 *
 * \return         \c 0 if the signing operation was successful.
 * \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
 */</pre>

      <h4 id="mbedtls_rsa_pkcs1_verify">Func <span>mbedtls_rsa_pkcs1_verify</span></h4>
      <pre class="doc-declare"><code>int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx,
                     int (*f_rng)(void *, unsigned char *, size_t),
                     void *p_rng,
                     int mode,
                     mbedtls_md_type_t md_alg,
                     unsigned int hashlen,
                     const unsigned char *hash,
                     const unsigned char *sig );</code></pre>
      <pre class="doc-comment">/**
 * \brief          This function performs a public RSA operation and checks
 *                 the message digest.
 *
 *                 This is the generic wrapper for performing a PKCS#1
 *                 verification using the mode from the context.
 *
 * \note           For PKCS#1 v2.1 encoding, see comments on
 *                 mbedtls_rsa_rsassa_pss_verify() about \p md_alg and
 *                 \p hash_id.
 *
 * \deprecated     It is deprecated and discouraged to call this function
 *                 in #MBEDTLS_RSA_PRIVATE mode. Future versions of the library
 *                 are likely to remove the \p mode argument and have it
 *                 set to #MBEDTLS_RSA_PUBLIC.
 *
 * \note           Alternative implementations of RSA need not support
 *                 mode being set to #MBEDTLS_RSA_PRIVATE and might instead
 *                 return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED.
 *
 * \param ctx      The initialized RSA public key context to use.
 * \param f_rng    The RNG function to use. If \p mode is #MBEDTLS_RSA_PRIVATE,
 *                 this is used for blinding and should be provided; see
 *                 mbedtls_rsa_private() for more. Otherwise, it is ignored.
 * \param p_rng    The RNG context to be passed to \p f_rng. This may be
 *                 \c NULL if \p f_rng is \c NULL or doesn't need a context.
 * \param mode     The mode of operation. This must be either
 *                 #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE (deprecated).
 * \param md_alg   The message-digest algorithm used to hash the original data.
 *                 Use #MBEDTLS_MD_NONE for signing raw data.
 * \param hashlen  The length of the message digest.
 *                 This is only used if \p md_alg is #MBEDTLS_MD_NONE.
 * \param hash     The buffer holding the message digest or raw data.
 *                 If \p md_alg is #MBEDTLS_MD_NONE, this must be a readable
 *                 buffer of length \p hashlen Bytes. If \p md_alg is not
 *                 #MBEDTLS_MD_NONE, it must be a readable buffer of length
 *                 the size of the hash corresponding to \p md_alg.
 * \param sig      The buffer holding the signature. This must be a readable
 *                 buffer of length \c ctx->len Bytes. For example, \c 256 Bytes
 *                 for an 2048-bit RSA modulus.
 *
 * \return         \c 0 if the verify operation was successful.
 * \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
 */</pre>

      <h4 id="mbedtls_rsa_rsassa_pkcs1_v15_verify">Func <span>mbedtls_rsa_rsassa_pkcs1_v15_verify</span></h4>
      <pre class="doc-declare"><code>int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx,
                                int (*f_rng)(void *, unsigned char *, size_t),
                                void *p_rng,
                                int mode,
                                mbedtls_md_type_t md_alg,
                                unsigned int hashlen,
                                const unsigned char *hash,
                                const unsigned char *sig );</code></pre>
      <pre class="doc-comment">/**
 * \brief          This function performs a PKCS#1 v1.5 verification
 *                 operation (RSASSA-PKCS1-v1_5-VERIFY).
 *
 * \deprecated     It is deprecated and discouraged to call this function
 *                 in #MBEDTLS_RSA_PRIVATE mode. Future versions of the library
 *                 are likely to remove the \p mode argument and have it
 *                 set to #MBEDTLS_RSA_PUBLIC.
 *
 * \note           Alternative implementations of RSA need not support
 *                 mode being set to #MBEDTLS_RSA_PRIVATE and might instead
 *                 return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED.
 *
 * \param ctx      The initialized RSA public key context to use.
 * \param f_rng    The RNG function to use. If \p mode is #MBEDTLS_RSA_PRIVATE,
 *                 this is used for blinding and should be provided; see
 *                 mbedtls_rsa_private() for more. Otherwise, it is ignored.
 * \param p_rng    The RNG context to be passed to \p f_rng. This may be
 *                 \c NULL if \p f_rng is \c NULL or doesn't need a context.
 * \param mode     The mode of operation. This must be either
 *                 #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE (deprecated).
 * \param md_alg   The message-digest algorithm used to hash the original data.
 *                 Use #MBEDTLS_MD_NONE for signing raw data.
 * \param hashlen  The length of the message digest.
 *                 This is only used if \p md_alg is #MBEDTLS_MD_NONE.
 * \param hash     The buffer holding the message digest or raw data.
 *                 If \p md_alg is #MBEDTLS_MD_NONE, this must be a readable
 *                 buffer of length \p hashlen Bytes. If \p md_alg is not
 *                 #MBEDTLS_MD_NONE, it must be a readable buffer of length
 *                 the size of the hash corresponding to \p md_alg.
 * \param sig      The buffer holding the signature. This must be a readable
 *                 buffer of length \c ctx->len Bytes. For example, \c 256 Bytes
 *                 for an 2048-bit RSA modulus.
 *
 * \return         \c 0 if the verify operation was successful.
 * \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
 */</pre>

      <h4 id="mbedtls_rsa_rsassa_pss_verify">Func <span>mbedtls_rsa_rsassa_pss_verify</span></h4>
      <pre class="doc-declare"><code>int mbedtls_rsa_rsassa_pss_verify( mbedtls_rsa_context *ctx,
                          int (*f_rng)(void *, unsigned char *, size_t),
                          void *p_rng,
                          int mode,
                          mbedtls_md_type_t md_alg,
                          unsigned int hashlen,
                          const unsigned char *hash,
                          const unsigned char *sig );</code></pre>
      <pre class="doc-comment">/**
 * \brief          This function performs a PKCS#1 v2.1 PSS verification
 *                 operation (RSASSA-PSS-VERIFY).
 *
 *                 The hash function for the MGF mask generating function
 *                 is that specified in the RSA context.
 *
 * \note           The \p hash_id in the RSA context is the one used for the
 *                 verification. \p md_alg in the function call is the type of
 *                 hash that is verified. According to <em>RFC-3447: Public-Key
 *                 Cryptography Standards (PKCS) #1 v2.1: RSA Cryptography
 *                 Specifications</em> it is advised to keep both hashes the
 *                 same. If \p hash_id in the RSA context is unset,
 *                 the \p md_alg from the function call is used.
 *
 * \deprecated     It is deprecated and discouraged to call this function
 *                 in #MBEDTLS_RSA_PRIVATE mode. Future versions of the library
 *                 are likely to remove the \p mode argument and have it
 *                 implicitly set to #MBEDTLS_RSA_PUBLIC.
 *
 * \note           Alternative implementations of RSA need not support
 *                 mode being set to #MBEDTLS_RSA_PRIVATE and might instead
 *                 return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED.
 *
 * \param ctx      The initialized RSA public key context to use.
 * \param f_rng    The RNG function to use. If \p mode is #MBEDTLS_RSA_PRIVATE,
 *                 this is used for blinding and should be provided; see
 *                 mbedtls_rsa_private() for more. Otherwise, it is ignored.
 * \param p_rng    The RNG context to be passed to \p f_rng. This may be
 *                 \c NULL if \p f_rng is \c NULL or doesn't need a context.
 * \param mode     The mode of operation. This must be either
 *                 #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE (deprecated).
 * \param md_alg   The message-digest algorithm used to hash the original data.
 *                 Use #MBEDTLS_MD_NONE for signing raw data.
 * \param hashlen  The length of the message digest.
 *                 This is only used if \p md_alg is #MBEDTLS_MD_NONE.
 * \param hash     The buffer holding the message digest or raw data.
 *                 If \p md_alg is #MBEDTLS_MD_NONE, this must be a readable
 *                 buffer of length \p hashlen Bytes. If \p md_alg is not
 *                 #MBEDTLS_MD_NONE, it must be a readable buffer of length
 *                 the size of the hash corresponding to \p md_alg.
 * \param sig      The buffer holding the signature. This must be a readable
 *                 buffer of length \c ctx->len Bytes. For example, \c 256 Bytes
 *                 for an 2048-bit RSA modulus.
 *
 * \return         \c 0 if the verify operation was successful.
 * \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
 */</pre>

      <h4 id="mbedtls_rsa_rsassa_pss_verify_ext">Func <span>mbedtls_rsa_rsassa_pss_verify_ext</span></h4>
      <pre class="doc-declare"><code>int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx,
                              int (*f_rng)(void *, unsigned char *, size_t),
                              void *p_rng,
                              int mode,
                              mbedtls_md_type_t md_alg,
                              unsigned int hashlen,
                              const unsigned char *hash,
                              mbedtls_md_type_t mgf1_hash_id,
                              int expected_salt_len,
                              const unsigned char *sig );</code></pre>
      <pre class="doc-comment">/**
 * \brief          This function performs a PKCS#1 v2.1 PSS verification
 *                 operation (RSASSA-PSS-VERIFY).
 *
 *                 The hash function for the MGF mask generating function
 *                 is that specified in \p mgf1_hash_id.
 *
 * \note           The \p sig buffer must be as large as the size
 *                 of \p ctx->N. For example, 128 Bytes if RSA-1024 is used.
 *
 * \note           The \p hash_id in the RSA context is ignored.
 *
 * \param ctx      The initialized RSA public key context to use.
 * \param f_rng    The RNG function to use. If \p mode is #MBEDTLS_RSA_PRIVATE,
 *                 this is used for blinding and should be provided; see
 *                 mbedtls_rsa_private() for more. Otherwise, it is ignored.
 * \param p_rng    The RNG context to be passed to \p f_rng. This may be
 *                 \c NULL if \p f_rng is \c NULL or doesn't need a context.
 * \param mode     The mode of operation. This must be either
 *                 #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE.
 * \param md_alg   The message-digest algorithm used to hash the original data.
 *                 Use #MBEDTLS_MD_NONE for signing raw data.
 * \param hashlen  The length of the message digest.
 *                 This is only used if \p md_alg is #MBEDTLS_MD_NONE.
 * \param hash     The buffer holding the message digest or raw data.
 *                 If \p md_alg is #MBEDTLS_MD_NONE, this must be a readable
 *                 buffer of length \p hashlen Bytes. If \p md_alg is not
 *                 #MBEDTLS_MD_NONE, it must be a readable buffer of length
 *                 the size of the hash corresponding to \p md_alg.
 * \param mgf1_hash_id      The message digest used for mask generation.
 * \param expected_salt_len The length of the salt used in padding. Use
 *                          #MBEDTLS_RSA_SALT_LEN_ANY to accept any salt length.
 * \param sig      The buffer holding the signature. This must be a readable
 *                 buffer of length \c ctx->len Bytes. For example, \c 256 Bytes
 *                 for an 2048-bit RSA modulus.
 *
 * \return         \c 0 if the verify operation was successful.
 * \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
 */</pre>

      <h4 id="mbedtls_rsa_copy">Func <span>mbedtls_rsa_copy</span></h4>
      <pre class="doc-declare"><code>int mbedtls_rsa_copy( mbedtls_rsa_context *dst, const mbedtls_rsa_context *src );</code></pre>
      <pre class="doc-comment">/**
 * \brief          This function copies the components of an RSA context.
 *
 * \param dst      The destination context. This must be initialized.
 * \param src      The source context. This must be initialized.
 *
 * \return         \c 0 on success.
 * \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory allocation failure.
 */</pre>

      <h4 id="mbedtls_rsa_free">Func <span>mbedtls_rsa_free</span></h4>
      <pre class="doc-declare"><code>void mbedtls_rsa_free( mbedtls_rsa_context *ctx );</code></pre>
      <pre class="doc-comment">/**
 * \brief          This function frees the components of an RSA key.
 *
 * \param ctx      The RSA context to free. May be \c NULL, in which case
 *                 this function is a no-op. If it is not \c NULL, it must
 *                 point to an initialized RSA context.
 */</pre>

      <h4 id="mbedtls_rsa_self_test">Func <span>mbedtls_rsa_self_test</span></h4>
      <pre class="doc-declare"><code>int mbedtls_rsa_self_test( int verbose );</code></pre>
      <pre class="doc-comment">/**
 * \brief          The RSA checkup routine.
 *
 * \return         \c 0 on success.
 * \return         \c 1 on failure.
 */</pre>
      <h3 id="vars">Vars</h3>
      
      <h3 id="consts">Consts</h3>
      
      <h3 id="types">Types</h3>
      
      <h3 id="typedefs">Typedefs</h3>
      

      <h4 id="
mbedtls_rsa_context;
">Typedef <span>
mbedtls_rsa_context;
</span></h4>
      <pre class="doc-declare"><code>typedef struct mbedtls_rsa_context
{
   int ver;                   /*!<  Always 0.*/
   size_t len;                /*!<  The size of \p N in Bytes. */

   mbedtls_mpi N;             /*!<  The public modulus. */
   mbedtls_mpi E;             /*!<  The public exponent. */

   mbedtls_mpi D;             /*!<  The private exponent. */
   mbedtls_mpi P;             /*!<  The first prime factor. */
   mbedtls_mpi Q;             /*!<  The second prime factor. */

   mbedtls_mpi DP;            /*!<  <code>D % (P - 1)</code>. */
   mbedtls_mpi DQ;            /*!<  <code>D % (Q - 1)</code>. */
   mbedtls_mpi QP;            /*!<  <code>1 / (Q % P)</code>. */

   mbedtls_mpi RN;            /*!<  cached <code>R^2 mod N</code>. */

   mbedtls_mpi RP;            /*!<  cached <code>R^2 mod P</code>. */
   mbedtls_mpi RQ;            /*!<  cached <code>R^2 mod Q</code>. */

   mbedtls_mpi Vi;            /*!<  The cached blinding value. */
   mbedtls_mpi Vf;            /*!<  The cached un-blinding value. */

   int padding;               /*!< Selects padding mode:
                                     #MBEDTLS_RSA_PKCS_V15 for 1.5 padding and
                                     #MBEDTLS_RSA_PKCS_V21 for OAEP or PSS. */
   int hash_id;               /*!< Hash identifier of mbedtls_md_type_t type,
                                     as specified in md.h for use in the MGF
                                     mask generating function used in the
                                     EME-OAEP and EMSA-PSS encodings. */
#if defined(MBEDTLS_THREADING_C)
   mbedtls_threading_mutex_t mutex;   /*!<  Thread-safety mutex. */
#endif
}
mbedtls_rsa_context;
</code></pre>
      <pre class="doc-comment">/**
 * \brief   The RSA context structure.
 *
 * \note    Direct manipulation of the members of this structure
 *          is deprecated. All manipulation should instead be done through
 *          the public interface functions.
 */</pre>
    </div>
  </body>
</html>
            